Azure DevOps - pipeline variables - special char issue $$ - azure

I am using DevOps pipeline to build and deploy to different environments
For one environment I am encountering this issue where i am using a Pipeline Variable with $$ in the value
For Example:
Password pipeline variable with value = $omeCla$$Password
When i deploy it fails and when i check the logs the password is displayed as $omeCla$Password. So basically when $$ are together it drops one $
For all variable i am using regex __VaraibleValue__ and its working fine
I have tried:
$omeCla$\$Password to try and escape and it displays as $omeCla$\$Password . So basically \ doesn't work.
I tried '$omeCla$$Password' to try and escape and it displays as '$omeCla$Password'
I want to keep this value as a normal pipeline variable before review
So basically how can I escape this?
Or should I add a Secret Token here in the replace token task (see screenshot below)? and then make the pipeline variable secret? If so, what should I set for Secret Token? Also, in app.config in my repo what should I use instead of the regex __VariableName__ that I use for normal variables?

The solution was to use 4 $. So if you have $$ together you need to add $$$$
Example: $someCla$$$$Password
#JaneMa-MSFT as requested
https://developercommunity.visualstudio.com/content/problem/1296808/azure-pipeline-how-to-escape-special-characters-in.html

Related

Get current branch name

I'm running a script (bitbucket_pipelines.yml) and on one of the steps I need to know the current branch name, How can I get it?
I saw there is a predefined BITBUCKET_BRANCH variable, but I'm having troubles to print it so I can see its content.
I tried to do:
...
step:
script:
- echo $BITBUCKET_BRANCH
but when pipelines runs all I see is
echo $BITBUCKET_BRANCH
How can I really see the content of this variable?
I found that Bb Pipelines are sometimes picky when dealing with variables. Try changing this to echo "$BITBUCKET_BRANCH". Also, enclosing the whole line in single quotes might help.
#Shvalb, the question should be how to display the value of a variable in bitbucket pipeline.
I deal with bitbucket support on this matter before.
I want to echo a repo/pipeline variable to see the value and it is not showing correctly.
In my case, it was my repo variable conflict with my deployment/pipeline variable. However, from the support, I understand bitbucket is using search and replace the screen value to "hide" the actual value of the variable with direct echo.
in order to see the value, you can use
echo $VAR > /tmpfile
cat /tmpfile
It was the trick I used before but I am not sure whether it will still work.

Azure Devops Release Pipeline - Keyvault with special characters in the secret

I'm running a devops release pipeline and i pull back the keyvaults secrets via this task
steps:
task: AzureKeyVault#1
My secret value looks something like this. abc$def&ghi
I'm updating a database record with this secret via Powershell.
The value that ends up in the database is "abcghi" The $ and characters up to, and including the & are excluded.
Do I need to escape the secrets coming from keyvault somehow?
-Randy
Are you trying to use the secret value inside of a double-quoted string in your PowerShell database update script? Something like this:
$sqlCommand = "update table set value='abc$def&ghi' where id=1";
If so, PowerShell is attempting to expand $def as a variable. It's probably not really a variable and will expand into an empty string.
You can escape the dollar sign in your key vault by using a backtick `$, but you have to be careful if you need to use that secret in a non-PowerShell scenario.
Alternatively, you could use single-quote characters around your string instead; although you'll then need to escape any single-quote characters used inside that string:
$sqlCommand = 'update table set value=''abc$def&ghi'' where id=1';
See the PowerShell docs about quoting rules for more information.

Why are my build pipelines replacing specific values with asterisks? - Azure DevOps

My team is working to integrate an infrastructure-as-code scanning solution into our build pipelines and we've discovered that the string "GCP" is being replaced with three asterisks when tasks are being executed in our build pipelines. This isn't unique to one task either whereas I created a bash script to execute and list our our repository and all directories that start with "GCP" are replaced by the three asterisks. The only variable set using the "GCP" value is the "system.teamProject" variable and we are not using any secret values that I know of and there are no variable groups used.
Any help would be greatly appreciated. Thanks!
Bash Asterisk Output "ls -a"
IaC Scanning Asterisk Task Failure
If you have set any secret variables in your pipeline, or have linked any variable groups that contain secret variables (include the secrets from the connected external and remote services services), generally the values of these secrets will be masked as asterisks.
When you try to print the values of the secrets to the output logs, the values will display as asterisks in the logs. If you try to output the values into a text file, the values will still display as asterisks in the file.
In addition, if a string that is not set as secret but its substrings are the values of some existing secrets in the pipeline, these substring parts may be masked as asterisks when trying to output this string.
If you do not set any secrets, for us to investigate this issue further, would you like to share us with the actual value that was masked as asterisks in the the logs? We well investigate and evaluate whether this string contains some special or sensitive characters that may be automatically identified as secrets by Azure DevOps.

Azure DevOps Yaml: Gaining secret variable out of Azure KeyVault Task from Variable

I'm trying to obtain a secret out of my KeyVault.
The variable name is secretVar.
Obtaining the secret like this: $(secretVar) works fine however I would like to retrieve it from a variable like this:
I keep getting command not found and I've no idea why this shouldn't be working.
So the name of the secret I want to extract is inside a bash variable. For this question I've simplified the problem but in my real use case I have a bash for loop which loops through secret names and inside the for loop I want to extract the appropriate value from the KeyVault with the corresponding secret name like this:
for secretname in secrets; do
echo $($secretname) # This should contain the value of the secret but gives command not found
done
If anyone has an idea what could be happening, any help is very appreciated.
Thanks in Advance!
Look at the syntax you're using.
variable=secretVar
You are creating an environment variable with the literal value secretVar
Then you try to execute the value of the variable $variable with $($variable). So it tries to run the command secretVar, which obviously doesn't exist, and you get an error message.
The syntax you're looking for is
variable=$(secretVar)
just like you used in the first echo command in the script.
If you don't want to run the variable value as a command, the syntax would be $variable, not $($variable)
$variable is the syntax for a Bash environment variable.
$(variable) is the syntax for referencing Azure DevOps variables.
First of all, the script keyword is a shortcut for the command-line task. The task runs a script using cmd.exe on Windows and Bash on other platforms. You need to pay attention to the agent you are using.
If you want to set variables in scripts, you can use task.setvariable logging command. For example:
- script: |
echo $(secretvar)
echo "##vso[task.setvariable variable=variable]$(secretvar)"
- script: |
echo $(variable)
You can find more detailed information in this document.

How to stop GitLab from evaluating $ inside variable value?

I am passing GitLab variable while running CI/CD pipeline as below.
type - variable
key - password
value - {"a": "abc$def#pqr"}
I am reading it in some GitLab pipeline stage as below.
echo $password
It is showing as below.
{"a":"abc#pqr"}
But I want it to show as below.
{"a":"abc$def#pqr"}
I don't want it to evaluate $def as blank
Note:
I tried with \ escaping and with single quotes too.
I need this to be in json kind of format itself for further use.
Works fine on using double $$ instead of single $

Resources